Add support for signing E-Mails and fixed tests.

This commit is contained in:
InfiniteLoopSpace 2018-11-19 14:33:55 +01:00
parent 63fb32eb40
commit 830a60b19f
7 changed files with 328 additions and 62 deletions

View File

@ -139,7 +139,7 @@ func (cms *CMS) Decrypt(contentInfo []byte) (plain []byte, err error) {
} }
// Sign signs the data and returns returns DER-encoded ASN.1 ContentInfo. // Sign signs the data and returns returns DER-encoded ASN.1 ContentInfo.
func (cms *CMS) Sign(data []byte) (der []byte, err error) { func (cms *CMS) Sign(data []byte, detachedSignature ...bool) (der []byte, err error) {
enci, err := protocol.NewDataEncapsulatedContentInfo(data) enci, err := protocol.NewDataEncapsulatedContentInfo(data)
if err != nil { if err != nil {
@ -162,6 +162,10 @@ func (cms *CMS) Sign(data []byte) (der []byte, err error) {
} }
} }
if len(detachedSignature) > 0 && detachedSignature[0] {
sd.EncapContentInfo.EContent = nil
}
ci, err := sd.ContentInfo() ci, err := sd.ContentInfo()
if err != nil { if err != nil {
return return

View File

@ -104,7 +104,7 @@ func TestSignVerify(t *testing.T) {
func TestEncryptOpenSSL(t *testing.T) { func TestEncryptOpenSSL(t *testing.T) {
message := []byte("Hallo Welt!") message := []byte("Hallo Welt!")
der, err := openssl.Encrypt(message, leaf.Certificate) der, err := openssl.Encrypt(message, leaf.Certificate, "-outform", "DER")
if err != nil { if err != nil {
t.Error(err) t.Error(err)
} }
@ -129,7 +129,7 @@ func TestDecryptOpenSSL(t *testing.T) {
t.Error(err) t.Error(err)
} }
plain, err := openssl.Decrypt(ciphertext, leaf.PrivateKey) plain, err := openssl.Decrypt(ciphertext, leaf.PrivateKey, "-inform", "DER")
if err != nil { if err != nil {
t.Error(err) t.Error(err)
} }
@ -142,7 +142,7 @@ func TestDecryptOpenSSL(t *testing.T) {
func TestSignOpenSSL(t *testing.T) { func TestSignOpenSSL(t *testing.T) {
message := []byte("Hallo Welt") message := []byte("Hallo Welt")
sig, err := openssl.SignDetached(message, leaf.Certificate, leaf.PrivateKey, intermediate.Certificate) sig, err := openssl.SignDetached(message, leaf.Certificate, leaf.PrivateKey, []*x509.Certificate{intermediate.Certificate}, "-outform", "DER")
if err != nil { if err != nil {
t.Error(err) t.Error(err)
} }
@ -176,7 +176,7 @@ func TestVerifyOpenSSL(t *testing.T) {
t.Error(err) t.Error(err)
} }
sig, err := openssl.Verify(der, root.Certificate) sig, err := openssl.Verify(der, root.Certificate, "-inform", "DER")
if err != nil { if err != nil {
t.Error(err) t.Error(err)
} }

View File

@ -4,6 +4,7 @@ package mime
import ( import (
"bytes" "bytes"
"crypto/rand"
"errors" "errors"
"fmt" "fmt"
"strings" "strings"
@ -35,13 +36,26 @@ func (m *MIME) Body() []byte {
} }
//Gets the full message //Gets the full message
func (m *MIME) Full() []byte { func (m *MIME) Full(sep ...[]byte) []byte {
var sep []byte if len(sep) == 0 {
sep = append(sep, m.interm.Line...) return m.FullLines().bytes(nil)
sep = append(sep, m.interm.endOfLine...) }
return append(append(m.Header(), sep...), m.Body()...) return m.FullLines().bytes(sep[0])
}
//Gets the full message as Lines
func (m *MIME) FullLines() (full Lines) {
full = append(full, m.headerFld...)
if m.interm.Line == nil && m.interm.endOfLine == nil {
m.interm = Line{nil, LF}
}
full = append(full, m.interm)
full = append(full, m.body...)
return
} }
//Adds a header field to the header of the message //Adds a header field to the header of the message
@ -62,11 +76,16 @@ func (m *MIME) AddHeaderField(key, value []byte) {
//Removes a header fild from the header of the message //Removes a header fild from the header of the message
func (m *MIME) DeleteHeaderField(key []byte) { func (m *MIME) DeleteHeaderField(key []byte) {
for i := len(m.headerFld) - 1; i >= 0; i-- { for i := 0; i < len(m.headerFld); i++ { //i := range m.headerFld {
colonInd := bytes.Index(m.headerFld[i].Line, []byte(":")) keyAndField := bytes.SplitN(m.headerFld[i].Line, []byte(":"), 2)
k := m.headerFld[i].Line[:colonInd]
if bytes.Equal(bytes.ToLower(k), bytes.ToLower(key)) { if len(keyAndField) == 2 && bytes.Equal(bytes.ToLower(keyAndField[0]), bytes.ToLower(key)) {
m.headerFld = append(m.headerFld[:i], m.headerFld[i+1:]...) m.headerFld = append(m.headerFld[:i], m.headerFld[i+1:]...)
for i < len(m.headerFld) && isContinuedLine(m.headerFld[i].Line) {
m.headerFld = append(m.headerFld[:i], m.headerFld[i+1:]...)
}
i--
} }
} }
@ -76,15 +95,18 @@ func (m *MIME) DeleteHeaderField(key []byte) {
func (m *MIME) GetHeaderField(key []byte) (values [][]byte) { func (m *MIME) GetHeaderField(key []byte) (values [][]byte) {
for i := range m.headerFld { for i := range m.headerFld {
colonInd := bytes.Index(m.headerFld[i].Line, []byte(":")) keyAndField := bytes.SplitN(m.headerFld[i].Line, []byte(":"), 2)
if colonInd < 1 {
fmt.Printf("%q\n", (m.headerFld[i].Line)) value := []byte{}
} if len(keyAndField) == 2 && bytes.Equal(bytes.ToLower(keyAndField[0]), bytes.ToLower(key)) {
k := m.headerFld[i].Line[:colonInd]
if bytes.Equal(bytes.ToLower(k), bytes.ToLower(key)) { value = append(value, keyAndField[1][1:]...)
if colonInd+2 < len(m.headerFld[i].Line) { for k := 1; i+k < len(m.headerFld) && isContinuedLine(m.headerFld[i+k].Line); k++ {
values = append(values, m.headerFld[i].Line[colonInd+2:]) value = append(value, m.headerFld[i+k-1].endOfLine...)
value = append(value, m.headerFld[i+k].Line...)
} }
values = append(values, value)
} }
} }
@ -181,24 +203,9 @@ func Parse(raw []byte) (m MIME) {
} }
func parseMIME(rawLines Lines) (m MIME) { func parseMIME(rawLines Lines) (m MIME) {
var headerField Line
for i := range rawLines { for i := range rawLines {
if len(rawLines[i].Line) > 0 && isContinuedLine(rawLines[i].Line) && i > 0 && !isEmpty(rawLines[i].Line) {
headerField.Line = append(headerField.Line, headerField.endOfLine...)
headerField.Line = append(headerField.Line, rawLines[i].Line...)
headerField.endOfLine = rawLines[i].endOfLine
} else {
if i > 0 {
m.headerFld = append(m.headerFld, headerField)
}
//Next headerField
headerField = rawLines[i]
}
// Empty line seprates header and body // Empty line seprates header and body
if isEmpty(rawLines[i].Line) { if isEmpty(rawLines[i].Line) {
m.interm = rawLines[i] m.interm = rawLines[i]
@ -206,6 +213,8 @@ func parseMIME(rawLines Lines) (m MIME) {
break break
} }
m.headerFld = append(m.headerFld, rawLines[i])
} }
return return
@ -241,7 +250,7 @@ func (l Lines) splitLine(sep []byte) (newL Lines) {
for i := 0; i < len(split)-1; i++ { for i := 0; i < len(split)-1; i++ {
newL = append(newL, Line{split[i], sep}) newL = append(newL, Line{split[i], sep})
} }
newL = append(newL, Line{split[len(split)-1], nil}) newL = append(newL, Line{split[len(split)-1], line.endOfLine})
} else { } else {
newL = append(newL, line) newL = append(newL, line)
} }
@ -284,3 +293,28 @@ func isContinuedLine(s []byte) bool {
return false return false
} }
// SetMultipartBody makes a mulitpart messages with given parts and contentType
func (m *MIME) SetMultipartBody(contentType string, parts ...MIME) {
body := Lines{}
// Generate boundary
bndry := make([]byte, 30)
rand.Read(bndry)
boundary := fmt.Sprintf("%x", bndry)
// Fix header
m.DeleteHeaderField([]byte("Content-Disposition"))
m.DeleteHeaderField([]byte("Content-Transfer-Encoding"))
m.SetHeaderField([]byte("Content-Type"), []byte(contentType+"; boundary="+boundary))
for i := range parts {
body = append(body, Line{[]byte("\n--" + boundary), LF})
body = append(body, parts[i].FullLines()...)
}
body = append(body, Line{[]byte("--" + boundary + "--"), LF})
m.body = body
}

View File

@ -14,33 +14,39 @@ import (
) )
//Encrypt a message with openssl //Encrypt a message with openssl
func Encrypt(in []byte, cert *x509.Certificate) (der []byte, err error) { func Encrypt(in []byte, cert *x509.Certificate, opts ...string) (der []byte, err error) {
tmp, err := ioutil.TempFile("", "example") tmp, err := ioutil.TempFile("", "example")
defer os.Remove(tmp.Name()) defer os.Remove(tmp.Name())
pem.Encode(tmp, &pem.Block{Type: "CERTIFICATE", Bytes: cert.Raw}) pem.Encode(tmp, &pem.Block{Type: "CERTIFICATE", Bytes: cert.Raw})
der, err = openssl(in, "smime", "-outform", "DER", "-encrypt", "-aes128", tmp.Name()) param := []string{"smime", "-encrypt", "-aes128"}
param = append(param, opts...)
param = append(param, tmp.Name())
der, err = openssl(in, param...)
return return
} }
//Decrypt a message with openssl //Decrypt a message with openssl
func Decrypt(in []byte, key crypto.PrivateKey) (plain []byte, err error) { func Decrypt(in []byte, key crypto.PrivateKey, opts ...string) (plain []byte, err error) {
tmp, err := ioutil.TempFile("", "example") tmp, err := ioutil.TempFile("", "example")
defer os.Remove(tmp.Name()) defer os.Remove(tmp.Name())
pem.Encode(tmp, &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(key.(*rsa.PrivateKey))}) pem.Encode(tmp, &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(key.(*rsa.PrivateKey))})
plain, err = openssl(in, "smime", "-inform", "DER", "-decrypt", "-inkey", tmp.Name()) param := []string{"smime", "-decrypt"}
param = append(param, opts...)
param = append(param, []string{"-decrypt", "-inkey", tmp.Name()}...)
plain, err = openssl(in, param...)
return return
} }
//Create a detached signature with openssl //Create a detached signature with openssl
func SignDetached(in []byte, cert *x509.Certificate, key crypto.PrivateKey, interm ...*x509.Certificate) (plain []byte, err error) { func SignDetached(in []byte, cert *x509.Certificate, key crypto.PrivateKey, interm []*x509.Certificate, opts ...string) (plain []byte, err error) {
tmpCert, err := ioutil.TempFile("", "example") tmpCert, err := ioutil.TempFile("", "example")
defer os.Remove(tmpCert.Name()) defer os.Remove(tmpCert.Name())
@ -59,13 +65,16 @@ func SignDetached(in []byte, cert *x509.Certificate, key crypto.PrivateKey, inte
pem.Encode(tmpInterm, &pem.Block{Type: "CERTIFICATE", Bytes: i.Raw}) pem.Encode(tmpInterm, &pem.Block{Type: "CERTIFICATE", Bytes: i.Raw})
} }
plain, err = openssl(in, "smime", "-sign", "-nodetach", "-outform", "DER", "-signer", tmpCert.Name(), "-inkey", tmpKey.Name(), "-certfile", tmpInterm.Name()) param := []string{"smime", "-sign", "-nodetach"}
param = append(param, opts...)
param = append(param, []string{"-signer", tmpCert.Name(), "-inkey", tmpKey.Name(), "-certfile", tmpInterm.Name()}...)
plain, err = openssl(in, param...)
return return
} }
//Create a signature with openssl //Create a signature with openssl
func Sign(in []byte, cert *x509.Certificate, key crypto.PrivateKey, interm ...*x509.Certificate) (plain []byte, err error) { func Sign(in []byte, cert *x509.Certificate, key crypto.PrivateKey, interm []*x509.Certificate, opts ...string) (plain []byte, err error) {
tmpCert, err := ioutil.TempFile("", "example") tmpCert, err := ioutil.TempFile("", "example")
defer os.Remove(tmpCert.Name()) defer os.Remove(tmpCert.Name())
@ -84,20 +93,26 @@ func Sign(in []byte, cert *x509.Certificate, key crypto.PrivateKey, interm ...*x
pem.Encode(tmpInterm, &pem.Block{Type: "CERTIFICATE", Bytes: i.Raw}) pem.Encode(tmpInterm, &pem.Block{Type: "CERTIFICATE", Bytes: i.Raw})
} }
plain, err = openssl(in, "smime", "-sign", "-outform", "DER", "-signer", tmpCert.Name(), "-inkey", tmpKey.Name(), "-certfile", tmpInterm.Name()) param := []string{"smime", "-sign"}
param = append(param, opts...)
param = append(param, []string{"-signer", tmpCert.Name(), "-inkey", tmpKey.Name(), "-certfile", tmpInterm.Name()}...)
plain, err = openssl(in, param...)
return return
} }
//Verify a signature with openssl //Verify a signature with openssl
func Verify(in []byte, ca *x509.Certificate) (plain []byte, err error) { func Verify(in []byte, ca *x509.Certificate, opts ...string) (plain []byte, err error) {
tmpCA, err := ioutil.TempFile("", "example") tmpCA, err := ioutil.TempFile("", "example")
defer os.Remove(tmpCA.Name()) defer os.Remove(tmpCA.Name())
pem.Encode(tmpCA, &pem.Block{Type: "CERTIFICATE", Bytes: ca.Raw}) pem.Encode(tmpCA, &pem.Block{Type: "CERTIFICATE", Bytes: ca.Raw})
plain, err = openssl(in, "smime", "-verify", "-inform", "DER", "-CAfile", tmpCA.Name()) param := []string{"smime", "-verify"}
param = append(param, opts...)
param = append(param, []string{"-CAfile", tmpCA.Name()}...)
plain, err = openssl(in, param...)
return return
} }

View File

@ -5,27 +5,25 @@ import (
"crypto/x509/pkix" "crypto/x509/pkix"
"testing" "testing"
"time" "time"
pki "github.com/InfiniteLoopSpace/go_S-MIME/pki"
) )
func TestCA(t *testing.T) { func TestCA(t *testing.T) {
pki.DefaultProvince = []string{"CO"} DefaultProvince = []string{"CO"}
pki.DefaultLocality = []string{"Denver"} DefaultLocality = []string{"Denver"}
// Create a root CA. // Create a root CA.
root := pki.New(pki.IsCA, pki.Subject(pkix.Name{ root := New(IsCA, Subject(pkix.Name{
CommonName: "root.myorg.com", CommonName: "root.myorg.com",
})) }))
// Create an intermediate CA under the root. // Create an intermediate CA under the root.
intermediate := root.Issue(pki.IsCA, pki.Subject(pkix.Name{ intermediate := root.Issue(IsCA, Subject(pkix.Name{
CommonName: "intermediate.myorg.com", CommonName: "intermediate.myorg.com",
})) }))
// Create a leaf certificate under the intermediate. // Create a leaf certificate under the intermediate.
leaf := intermediate.Issue(pki.Subject(pkix.Name{ leaf := intermediate.Issue(Subject(pkix.Name{
CommonName: "leaf.myorg.com", CommonName: "leaf.myorg.com",
})) }))

View File

@ -8,6 +8,7 @@ import (
"crypto/x509" "crypto/x509"
"encoding/base64" "encoding/base64"
"errors" "errors"
"log"
"strings" "strings"
"github.com/InfiniteLoopSpace/go_S-MIME/b64" "github.com/InfiniteLoopSpace/go_S-MIME/b64"
@ -42,8 +43,11 @@ func (smime *SMIME) Decrypt(msg []byte) (plaintext []byte, err error) {
mediaType, params, err := mail.ParseMediaType() mediaType, params, err := mail.ParseMediaType()
if !strings.HasPrefix(mediaType, "application/pkcs7-mime") { if !strings.HasPrefix(mediaType, "application/pkcs7-mime") {
err = errors.New("Unsupported media type: Can not decrypt this mail") if !strings.HasPrefix(mediaType, "application/x-pkcs7-mime") {
return err = errors.New("Unsupported media type: Can not decrypt this mail")
return
}
log.Println("Found Content-Type \"application/x-pkcs7-mime\" used early implementations of S/MIME agents")
} }
if !strings.HasPrefix(params["smime-type"], "enveloped-data") { if !strings.HasPrefix(params["smime-type"], "enveloped-data") {
@ -147,13 +151,16 @@ func (smime *SMIME) Verify(msg []byte) (chains [][][]*x509.Certificate, err erro
mediaType, params, err := mail.ParseMediaType() mediaType, params, err := mail.ParseMediaType()
if !strings.HasPrefix(mediaType, "multipart/signed") { if !strings.HasPrefix(mediaType, "multipart/signed") {
err = errors.New("Unsupported media type: can not decrypt this mail") err = errors.New("Unsupported media type: can not verify the signature")
return return
} }
if !strings.HasPrefix(params["protocol"], "application/pkcs7-signature") { if !strings.HasPrefix(params["protocol"], "application/pkcs7-signature") {
err = errors.New("Unsupported smime type: can not decrypt this mail") if !strings.HasPrefix(params["protocol"], "application/x-pkcs7-signature") {
return err = errors.New("Unsupported smime type: can not verify the signature")
return
}
log.Println("Found Content-Type \"application/x-pkcs7-signature\" used early implementations of S/MIME agents")
} }
parts, err := mail.MultipartGetParts() parts, err := mail.MultipartGetParts()
@ -170,8 +177,11 @@ func (smime *SMIME) Verify(msg []byte) (chains [][][]*x509.Certificate, err erro
mediaType, params, err = signature.ParseMediaType() mediaType, params, err = signature.ParseMediaType()
if !strings.HasPrefix(mediaType, "application/pkcs7-signature") { if !strings.HasPrefix(mediaType, "application/pkcs7-signature") {
err = errors.New("Unsupported media type: Can not decrypt this mail") if !strings.HasPrefix(mediaType, "application/x-pkcs7-signature") {
return err = errors.New("Unsupported media type: Can not decrypt this mail")
return
}
log.Println("Found Content-Type \"application/x-pkcs7-signature\" used early implementations of S/MIME agents")
} }
contentTransferEncoding := signature.GetHeaderField([]byte("Content-Transfer-Encoding")) contentTransferEncoding := signature.GetHeaderField([]byte("Content-Transfer-Encoding"))
@ -198,3 +208,52 @@ func (smime *SMIME) Verify(msg []byte) (chains [][][]*x509.Certificate, err erro
return smime.CMS.VerifyDetached(signatureDer, signedMsg) return smime.CMS.VerifyDetached(signatureDer, signedMsg)
} }
// Sign signs a mail and returns the signed message.
func (smime *SMIME) Sign(msg []byte) (signedMsg []byte, err error) {
mail := mime.Parse(msg)
// Prepare the signed Part
signedPart := mime.MIME{}
signedPart.SetBody(mail.Body())
contentType := mail.GetHeaderField([]byte("Content-Type"))
if len(contentType) != 1 {
err = errors.New("Message has no Content-Type")
return
}
signedPart.SetHeaderField([]byte("Content-Type"), contentType[0])
contentTransferEncoding := mail.GetHeaderField([]byte("Content-Transfer-Encoding"))
if len(contentType) == 1 {
signedPart.SetHeaderField([]byte("Content-Transfer-Encoding"), contentTransferEncoding[0])
}
contentDisposition := mail.GetHeaderField([]byte("Content-Disposition"))
if len(contentType) == 1 {
signedPart.SetHeaderField([]byte("Content-Disposition"), contentDisposition[0])
}
// Sign
lines := mime.ParseLines(signedPart.Full())
signatureDER, err := smime.CMS.Sign(lines.Bytes(mime.CRLF), true)
// Encode signature
signature := mime.MIME{}
signature.SetHeaderField([]byte("Content-Type"), []byte("application/pkcs7-signature; name=smime.p7s"))
signature.SetHeaderField([]byte("Content-Transfer-Encoding"), []byte("base64"))
signature.SetHeaderField([]byte("Content-Disposition"), []byte("attachment; filename=smime.p7s"))
signatureBASE64, err := b64.EncodeBase64(signatureDER)
if err != nil {
return
}
signature.SetBody(signatureBASE64)
// Make multipart/signed message
micAlg := "sha256"
cntType := "multipart/signed;\n protocol=\"application/pkcs7-signature\";\n micalg=" + micAlg
mail.SetMultipartBody(cntType, signedPart, signature)
signedMsg = mail.Full()
return
}

View File

@ -2,10 +2,166 @@ package smime
import ( import (
"bytes" "bytes"
"crypto"
"crypto/tls" "crypto/tls"
"crypto/x509"
"crypto/x509/pkix"
"fmt"
"log"
"testing" "testing"
"github.com/InfiniteLoopSpace/go_S-MIME/openssl"
"github.com/InfiniteLoopSpace/go_S-MIME/pki"
) )
var (
root = pki.New(pki.IsCA, pki.Subject(pkix.Name{
CommonName: "root.example.com",
}))
intermediate = root.Issue(pki.IsCA, pki.Subject(pkix.Name{
CommonName: "intermediate.example.com",
}))
leaf = intermediate.Issue(pki.Subject(pkix.Name{
CommonName: "leaf.example.com",
}))
keyPair = tls.Certificate{
Certificate: [][]byte{leaf.Certificate.Raw, intermediate.Certificate.Raw, root.Certificate.Raw},
PrivateKey: leaf.PrivateKey.(crypto.PrivateKey),
}
)
func TestEnryptDecrypt(t *testing.T) {
SMIME, err := New(keyPair)
if err != nil {
t.Error(err)
}
plaintext := []byte(msg)
ciphertext, err := SMIME.Encrypt(plaintext, []*x509.Certificate{leaf.Certificate})
if err != nil {
t.Error(err)
}
fmt.Printf("%s\n", ciphertext)
plain, err := SMIME.Decrypt(ciphertext)
if err != nil {
log.Fatal(err)
}
if !bytes.Equal(plaintext, plain) {
t.Fatal("Encryption and decryption are not inverse")
}
}
func TestSignVerify(t *testing.T) {
SMIME, err := New(keyPair)
if err != nil {
t.Error(err)
}
SMIME.CMS.Opts.Roots.AddCert(root.Certificate)
msg := []byte(msg)
der, err := SMIME.Sign(msg)
if err != nil {
t.Error(err)
}
_, err = SMIME.Verify(der)
if err != nil {
t.Error(err)
}
}
func TestEncryptOpenSSL(t *testing.T) {
message := []byte("Hallo Welt!")
der, err := openssl.Encrypt(message, leaf.Certificate)
if err != nil {
t.Error(err)
}
SMIME, err := New(keyPair)
plain, err := SMIME.Decrypt(der)
if err != nil {
t.Error(err)
}
if !bytes.Equal(message, plain) {
t.Fatal("Encryption and decryption are not inverse")
}
}
func TestDecryptOpenSSL(t *testing.T) {
message := []byte(msg)
SMIME, _ := New()
ciphertext, err := SMIME.Encrypt(message, []*x509.Certificate{leaf.Certificate})
if err != nil {
t.Error(err)
}
plain, err := openssl.Decrypt(ciphertext, leaf.PrivateKey)
if err != nil {
t.Error(err)
}
if !bytes.Equal(message, plain) {
t.Fatal("Encryption and decryption are not inverse")
}
}
func TestSignOpenSSL(t *testing.T) {
message := []byte(msg)
sig, err := openssl.Sign(message, leaf.Certificate, leaf.PrivateKey, []*x509.Certificate{intermediate.Certificate})
if err != nil {
t.Error(err)
}
SMIME, err := New()
if err != nil {
t.Error(err)
}
SMIME.CMS.Opts.Roots.AddCert(root.Certificate)
_, err = SMIME.Verify(sig)
if err != nil {
t.Error(err)
}
}
func TestVerifyOpenSSL(t *testing.T) {
SMIME, err := New(keyPair)
if err != nil {
t.Error(err)
}
SMIME.CMS.Opts.Roots.AddCert(root.Certificate)
msg := []byte(msg)
der, err := SMIME.Sign(msg)
if err != nil {
t.Error(err)
}
sig, err := openssl.Verify(der, root.Certificate)
if err != nil {
t.Error(err)
}
if !bytes.Contains(msg, bytes.Replace(sig, []byte("\r"), nil, -1)) {
t.Fatal("Signed message and message do not agree!")
}
}
func TestDecrypt(t *testing.T) { func TestDecrypt(t *testing.T) {
cert, err := tls.X509KeyPair([]byte(bobCert), []byte(bobRSAkey)) cert, err := tls.X509KeyPair([]byte(bobCert), []byte(bobRSAkey))
if err != nil { if err != nil {